Compare commits
68 Commits
Author | SHA1 | Date |
---|---|---|
fabrice.regnier | 9dc73bf077 | 7 months ago |
fabrice.regnier | cf2b702eb5 | 7 months ago |
fabrice.regnier | 23d03f8ba0 | 7 months ago |
fabrice.regnier | 5ed8b36c28 | 7 months ago |
Gael | 3cd5d20de6 | 11 months ago |
fab | 2685f7bb11 | 11 months ago |
Francois Lesueur | f0270a56ec | 11 months ago |
Francois Lesueur | 0f5412ea8b | 11 months ago |
Francois Lesueur | 5fb573f447 | 11 months ago |
Francois Lesueur | 5b2f572453 | 11 months ago |
Francois Lesueur | 958a6225b1 | 11 months ago |
Francois Lesueur | 41e7591163 | 11 months ago |
Francois Lesueur | 4117afd993 | 11 months ago |
Francois Lesueur | c7e438d4ee | 11 months ago |
Francois Lesueur | c4065559fc | 11 months ago |
Francois Lesueur | e9a2304438 | 12 months ago |
Gael | e116ba374e | 12 months ago |
Gael | 76c615ce5e | 12 months ago |
Francois Lesueur | dcaa2e3141 | 12 months ago |
Francois Lesueur | 006468a46e | 12 months ago |
Francois Lesueur | 0f81fba62b | 12 months ago |
Francois Lesueur | ca77a73d78 | 12 months ago |
Francois Lesueur | e843e6fc74 | 12 months ago |
Gael | 1dd6092aa8 | 12 months ago |
gael | afca48a56d | 1 year ago |
gael | 08ff2b0ca8 | 1 year ago |
Francois Lesueur | eb809b28b9 | 1 year ago |
Francois Lesueur | 982f552f37 | 1 year ago |
Francois Lesueur | 16d2a35666 | 1 year ago |
Francois Lesueur | 75f173148d | 1 year ago |
Francois Lesueur | d13bc4ac37 | 1 year ago |
Francois Lesueur | 26081d5d48 | 1 year ago |
Francois Lesueur | ea12e28122 | 1 year ago |
Francois Lesueur | ef45fe09f4 | 1 year ago |
Francois Lesueur | 15af47f8ff | 1 year ago |
Francois Lesueur | 1358b062e3 | 1 year ago |
Francois Lesueur | b91bff0e43 | 1 year ago |
Francois Lesueur | a1c8788e9e | 1 year ago |
gael | 2d5ae60d8f | 1 year ago |
gael | 9f53cc86f5 | 1 year ago |
fab | 9983b9f626 | 1 year ago |
fab | cf2508f823 | 1 year ago |
fab | 9d686f3e23 | 1 year ago |
fab | 330c3f0353 | 1 year ago |
fab | 3ead8d14fe | 1 year ago |
fab | ce67a4c196 | 1 year ago |
fab | 0364cdf7fd | 1 year ago |
francois.lesueur | a2c2105019 | 1 year ago |
Francois Lesueur | 20ae031467 | 1 year ago |
Francois Lesueur | 797d557afc | 1 year ago |
Francois Lesueur | f6d3134004 | 1 year ago |
Francois Lesueur | fe8ab22d15 | 1 year ago |
Francois Lesueur | bed3b4490e | 1 year ago |
Francois Lesueur | 8fa15e33d3 | 1 year ago |
gael | 3254d401a9 | 1 year ago |
Francois Lesueur | def800e181 | 1 year ago |
Francois Lesueur | aa3c77c29a | 1 year ago |
Francois Lesueur | 4c1e7bde33 | 1 year ago |
Francois Lesueur | 3974c20a84 | 1 year ago |
Francois Lesueur | e9ee502ae4 | 1 year ago |
Francois Lesueur | 8569a47c03 | 1 year ago |
Francois Lesueur | 326f6d7871 | 1 year ago |
francois.lesueur | bdd7f98379 | 1 year ago |
Francois Lesueur | ba1737a1fa | 1 year ago |
Francois Lesueur | a878cbd4f2 | 1 year ago |
Francois Lesueur | 63bb4d160f | 1 year ago |
Francois Lesueur | f9b16207d8 | 1 year ago |
Francois Lesueur | 75a4b60f57 | 1 year ago |
43 changed files with 972 additions and 802 deletions
@ -1,10 +1,12 @@ |
|||
.apt-mirror-config |
|||
.customDocker.sh |
|||
.customVM.sh |
|||
.proxy-config |
|||
.vagrant |
|||
DEADJOE |
|||
Vagrantfile |
|||
/files/log |
|||
/files/kaz/download |
|||
/files/kaz/git |
|||
/files/kaz/log |
|||
/files/customVM.sh |
|||
/files/snster-kaz/kaz/prod/customKaz.sh |
|||
|
@ -0,0 +1,45 @@ |
|||
# Utilisation d'un cache local |
|||
|
|||
Il est possible de configurer la VM pour utiliser un proxy et un registre docker du réseau local. L'intérêt est d'avoir un cache persistant lors de la reconstruction de la VM, ou de pouvoir rediriger certaines requêtes (dépôts Debian ou Alpine) vers des miroirs locaux. |
|||
|
|||
## Configuration de la VM |
|||
|
|||
Dans le dossier vagrant du host, il faut un fichier `files/customVM.sh`. Un fichier `files/customVM.sh.dist` est fourni en exemple : il suffit de le renommer en `customVM.sh`, puis de modifier les IP du proxy et du registre Docker upstreams dans les premières lignes en remplaçant par son IP privée sur le lan. ```hostname -I``` pour connaître son ip privée. |
|||
|
|||
Il est évidemment possible de n'activer que l'une des 2 fonctionnalités (soit que le proxy http externe, soit que le docker registry externe) en commentant les lignes associées. D'autres modifications de la VM peuvent aussi être réalisées dans ce fichier... |
|||
|
|||
## Installation d'un proxy squid sur l'hôte |
|||
|
|||
Pour installer un squid sur l'hôte : |
|||
* `apt install squid` |
|||
* Éditer `/etc/squid/squid.conf` : |
|||
* Décommenter la ligne `#http_access allow localnet` (ATTENTION ! Il faut bien décommenter cette ligne existante, et non l'ajouter à la fin, sa place dans le fichier de conf est importante). Ne pas confondre `allow localnet` et `allow localhost`. |
|||
* Ajouter à la fin : |
|||
``` |
|||
cache_dir aufs /var/spool/squid 5000 14 256 |
|||
maximum_object_size 4000 MB |
|||
http_port 3142 |
|||
``` |
|||
|
|||
penser à redémarrer le squid: `service squid restart` |
|||
|
|||
## Installation d'un docker-registry sur l'hôte |
|||
|
|||
Pour installer un docker-registry sur l'hôte : |
|||
* `apt install docker-registry` |
|||
* Éditer `/etc/docker/registry/config.yml` : |
|||
* Enlever la section `auth` |
|||
* Ajouter à la fin : |
|||
```yaml |
|||
proxy: |
|||
remoteurl: https://registry-1.docker.io |
|||
``` |
|||
|
|||
penser à redémarrer: `service docker-registry restart` |
|||
|
|||
Configurer une IP pérenne |
|||
------------------------- |
|||
|
|||
Si vous utilisez un ordinateur portable, votre adresse IP changera sûrement au grè de vos connexions à l'Internet. Dans ce cas il est préférable d'utiliser une adresse stable pour designer votre mandataire. |
|||
|
|||
Il est par exemple possible d'assigner une seconde adresse à la carte loopback de votre hôte avec `/sbin/ifconfig lo:0 192.168.128.1/24` |
@ -1,171 +0,0 @@ |
|||
# kaz-vagrant |
|||
|
|||
(ATTENTION, NON À JOUR POUR SNSTER) |
|||
|
|||
[Kaz](https://kaz.bzh/) est un CHATONS du Morbihan. Nous proposons ici un moyen de le répliquer dans d'autres lieux. Il y a des éléments de configuration à définir avant d'initialiser ce simulateur. |
|||
|
|||
Le principe est de faire fonctionner un simulateur de notre CHATONS dans une VirtualBox pour mettre au point nos différents services. |
|||
|
|||
Nous utilisons : |
|||
* Vagrant pour automatiser la création de la Machine Virtuelle |
|||
* VirtualBox pour simuler notre serveur |
|||
* Docker pour chaque service de notre serveur |
|||
|
|||
## Pré-requis |
|||
|
|||
Dans la suite, on imagine que vous disposer d'une machine sous Linux (par exemple dernière version de [Debian](https://fr.wikipedia.org/wiki/Debian)) |
|||
|
|||
Vous devez disposer d'un minimum de paquets : |
|||
|
|||
```bash |
|||
wget -q https://www.virtualbox.org/download/oracle_vbox_2016.asc -O- | apt-key add - |
|||
wget -q https://www.virtualbox.org/download/oracle_vbox.asc -O- | apt-key add - |
|||
apt install software-properties-common |
|||
add-apt-repository "deb [arch=amd64] http://download.virtualbox.org/virtualbox/debian $(lsb_release -cs) contrib" |
|||
apt update |
|||
apt install git vagrant virtualbox-6.1 linux-image |
|||
vagrant plugin install vagrant-disksize |
|||
``` |
|||
Lancez VirtualBox et vérifiez les mises à jours. |
|||
|
|||
Par la suite, si vous ne disposez pas d'un bon débit, il est conseiller d'installer `approx` et `squid` pour ne pas recharger systématiquement tous les paquets depuis l'internet. |
|||
|
|||
pour `approx`, vous pouvez choisir une partition de stockage `/mnt/big/approx` |
|||
```bash |
|||
apt-get install approx |
|||
netstat -ant | grep 9999 |
|||
mkdir /mnt/big/approx |
|||
chown -R approx : /mnt/big/approx |
|||
rmdir /var/cache/approx |
|||
ln -s /mnt/big/approx/ /var/cache/ |
|||
cd /etc/apt/ |
|||
grep -E "^[^#]" sources.list | cut -d " " -f2 | sort -u >> /etc/approx/approx.conf |
|||
``` |
|||
|
|||
Pour `squid`, vous pouvez choisir une partition de stockage `/mnt/big/squid` |
|||
|
|||
```bash |
|||
apt-get install squid |
|||
emacs /etc/squid/squid.conf |
|||
|
|||
mkdir /mnt/big/squid |
|||
chown -R proxy: /mnt/big/squid |
|||
rmdir /var/spool/squid/ |
|||
ln -s /mnt/big/squid/ /var/spool/squid/ |
|||
|
|||
/etc/init.d/squid restart |
|||
``` |
|||
|
|||
Si vous utilisez un ordinateur portable, votre adresse IP changera sûrement au grè de vos connexions à l'Internet. Dans ce cas il est préférable d'utiliser une adresse stable pour designer votre mandataire. Après vous êtes connecté, il faudra ajouter une adresse à la carte réseaux qui est active. |
|||
Dans l'exemple suivant, nous imaginons que la connexion utilise le wifi `wlo1̀ que nous utilisons une classe privée locale `192.168.128.0/25̀ et que notre machine utilisera la première adresse. |
|||
|
|||
```bash |
|||
/sbin/ifconfig |
|||
/sbin/ifconfig wlo1:0 192.168.128.1/25 |
|||
/sbin/ifconfig wlo1:0 up |
|||
/sbin/ifconfig |
|||
``` |
|||
|
|||
## Installation |
|||
|
|||
* Télécharger le dépôt kaz-vagrant ou utilisez la commande : |
|||
```bash |
|||
git clone https://git.kaz.bzh/KAZ/kaz-vagrant.git # pour essayer |
|||
git clone git+ssh://git@git.kaz.bzh:2202/KAZ/kaz-vagrant.git # pour contribuer |
|||
cd kaz-vagrant/ |
|||
``` |
|||
* Personalisez votre simulateur avec la commande (au besoin ajustez la mémoire et les cpus utilisés dans Vagrantfile) : |
|||
```bash |
|||
vagrant plugin install vagrant-disksize |
|||
init.sh |
|||
``` |
|||
* Personnalisez le miroir des paquets Debian si vous en avez un (sinon ignorez cette étape). |
|||
Pour cela créez un fichier qui défini des variables d'environnements qui pointent vers l'hôte et le port (dans l'exemple suivant on prend (machine : **__mirror-host__**, port : **__mirror-port__**) dans un fichier `files/.apt-mirror-config` comme ci-dessous |
|||
``` |
|||
APT_MIRROR_DEBIAN=mirror-host:mirror-port |
|||
APT_MIRROR_SECURITY=mirror-host:mirror-port |
|||
``` |
|||
|
|||
VirtualBox utilise un réseau privé 172.17.X.X |
|||
|
|||
Pour pouvoir désigner dans conflit votre PC comme mirror, vous pouvez déclarer un autre réseau (par exemple 172.19.X.X) |
|||
```bash |
|||
/sbin/ifconfig (eno2) add 172.19.1.1 netmask 255.255.255.0 |
|||
``` |
|||
Dans ce cas, il faut refaire le init.sh pour mettre à jour l'adresse IP du serveur mirroir. |
|||
|
|||
|
|||
* Pour créer tout l'univers Kaz il faut se placer dans le répertoire et lancer la commande : |
|||
```bash |
|||
vagrant up |
|||
``` |
|||
Il faudra répondre "docker0" à la question "Which interface should the network bridge to?" |
|||
|
|||
|
|||
Il est possible d'interrompre la création à la coquille vide (sans les services) pour des question de mise au point avec la commande : |
|||
```bash |
|||
NOKAZ="true" vagrant up |
|||
``` |
|||
Il se peut que le répertoire `/vagrant` ne soit pas monté. Dans ce cas. Quittez la VM et relancez `vagrant up`. |
|||
|
|||
Il est possible de choisir de tester une autres branche de développement du dépôt de Kaz. |
|||
```bash |
|||
KAZBRANCH="develop" vagrant up |
|||
``` |
|||
|
|||
* Une fois la commande de création de l'univers, il faut patienter... |
|||
|
|||
* Après il faut patienter encore un peu si on a pas la fibre ... |
|||
|
|||
La fenêtre de virtualbox va se lancer et l'installation va se poursuivre |
|||
|
|||
La progression est visible dans la fenêtre où la commande vagrant est lancée. |
|||
|
|||
## Utilisation |
|||
|
|||
Les utilisateurs créés sont |
|||
* debian/debian |
|||
* root/root. |
|||
|
|||
Si vous avec laissé la création des dockers, il faut bien attendre la fermeture automatique de la fenêtre et l'apparition de l'écran de connexion (on vous a dit que c'était long). |
|||
|
|||
|
|||
Vous pouvez alors démarrer le client de messagerie clawsmail dans lequel 4 comptes ont été paramétrés (contact1@kaz.local, contact2@kaz.local, contact3@kaz.local, contact4@kaz.local) |
|||
|
|||
Il y a un aperçu de l'état des services avec l'url https://kaz.local/status/allServices.html |
|||
|
|||
![status](/doc/images/allServices.jpg) |
|||
|
|||
Les erreurs 502 correspondent à des fonctions en cours de développement. Les message "Can't open this page" correspond au fait que le services refuse pour des raison de sécurité de de fonctionner embarqué dans une page. |
|||
|
|||
|
|||
Vous pouvez également démarrer firefox avec les URL suivantes: |
|||
* https://www.kaz.local |
|||
* https://tableur.kaz.local |
|||
* https://pad.kaz.local |
|||
|
|||
* https://depot.kaz.local |
|||
* https://agora.kaz.local/login (compte contact1@kaz.local créé, mot de passe toto) |
|||
* https://cloud.kaz.local/login (compte contact1@kaz.local créé, mot de passe totototototototo1234 ) |
|||
* https://sondage.kaz.local |
|||
|
|||
Il vous faudra accepter les alertes de sécurité pour certificat absent (web et messagerie) |
|||
|
|||
## Echanges avec la machine virtuelle |
|||
|
|||
En cas de nouvelle re-création, la clef privée sera mise à jour. Il faudra effacer l'ancienne pour ne pas avoir le message : |
|||
``` |
|||
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ |
|||
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ |
|||
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ |
|||
``` |
|||
|
|||
Pour cela il faut supprimer l'entrée des hôtes connus : |
|||
```bash |
|||
ssh-keygen -f ~/.ssh/known_hosts -R "[127.0.0.1]:2222" |
|||
``` |
|||
|
|||
Pour copier des fichiers vers la machine virtuelle : |
|||
```bash |
|||
rsync -rlptDEHAX --no-o -e "ssh -p 2222 -i ~/git/kaz-vagrant/.vagrant/machines/default/virtualbox/private_key" src vagrant@127.0.0.1:/dst |
|||
``` |
@ -0,0 +1,50 @@ |
|||
# coding: utf-8 |
|||
# -*- mode: ruby -*- |
|||
# vi: set ft=ruby : |
|||
|
|||
unless Vagrant.has_plugin?("vagrant-disksize") |
|||
raise Vagrant::Errors::VagrantError.new, "vagrant-disksize plugin is missing. Please install it using 'vagrant plugin install vagrant-disksize' and rerun 'vagrant up'" |
|||
end |
|||
|
|||
# All Vagrant configuration is done below. The "2" in Vagrant.configure |
|||
# configures the configuration version (we support older styles for |
|||
# backwards compatibility). Please don't change it unless you know what |
|||
# you're doing. |
|||
Vagrant.configure("2") do |config| |
|||
|
|||
required_plugins = %w( vagrant-disksize ) |
|||
_retry = false |
|||
required_plugins.each do |plugin| |
|||
unless Vagrant.has_plugin? plugin |
|||
system "vagrant plugin install #{plugin}" |
|||
_retry=true |
|||
end |
|||
end |
|||
|
|||
if (_retry) |
|||
exec "vagrant " + ARGV.join(' ') |
|||
end |
|||
|
|||
config.vm.box = "debian/bullseye64" |
|||
config.vm.hostname = 'kaz-vm' |
|||
config.disksize.size = '50GB' |
|||
|
|||
config.vm.provider "virtualbox" do |vb| |
|||
vb.memory = "4096" |
|||
vb.cpus = "2" |
|||
vb.name = "kaz-vm" |
|||
vb.customize ["modifyvm", :id, "--vram", "64", "--clipboard-mode", "bidirectional", '--graphicscontroller', 'vmsvga', '--natnet1', '192.168.64.0/24'] |
|||
vb.gui = true |
|||
end |
|||
|
|||
|
|||
|
|||
#permet d'avoir un répertoire partagé entre la VM et le host |
|||
config.vm.synced_folder "/tmp/", "/tmp_host" |
|||
config.vm.synced_folder "files/", "/root/kaz-vagrant" |
|||
|
|||
config.vm.provision "shell" do |s| |
|||
s.inline = "/vagrant/files/vm-provision.sh" |
|||
s.env = {"KAZGUARD" => "true", "HOSTLANG" => ENV['LANG'], "NOKAZ" => ENV['NOKAZ'], "KAZBRANCH" => ENV['KAZBRANCH']} |
|||
end |
|||
end |
@ -1,95 +0,0 @@ |
|||
# coding: utf-8 |
|||
# -*- mode: ruby -*- |
|||
# vi: set ft=ruby : |
|||
|
|||
unless Vagrant.has_plugin?("vagrant-disksize") |
|||
raise Vagrant::Errors::VagrantError.new, "vagrant-disksize plugin is missing. Please install it using 'vagrant plugin install vagrant-disksize' and rerun 'vagrant up'" |
|||
end |
|||
|
|||
# All Vagrant configuration is done below. The "2" in Vagrant.configure |
|||
# configures the configuration version (we support older styles for |
|||
# backwards compatibility). Please don't change it unless you know what |
|||
# you're doing. |
|||
Vagrant.configure("2") do |config| |
|||
|
|||
required_plugins = %w( vagrant-vbguest vagrant-disksize ) |
|||
_retry = false |
|||
required_plugins.each do |plugin| |
|||
unless Vagrant.has_plugin? plugin |
|||
system "vagrant plugin install #{plugin}" |
|||
_retry=true |
|||
end |
|||
end |
|||
|
|||
if (_retry) |
|||
exec "vagrant " + ARGV.join(' ') |
|||
end |
|||
|
|||
config.vm.box = "debian/bullseye64" |
|||
config.vm.hostname = 'kaz-vm' |
|||
config.disksize.size = '32GB' |
|||
|
|||
# Disable automatic box update checking. If you disable this, then |
|||
# boxes will only be checked for updates when the user runs |
|||
# `vagrant box outdated`. This is not recommended. |
|||
# config.vm.box_check_update = false |
|||
|
|||
# Create a forwarded port mapping which allows access to a specific port |
|||
# within the machine from a port on the host machine. In the example below, |
|||
# accessing "localhost:8080" will access port 80 on the guest machine. |
|||
# config.vm.network "forwarded_port", guest: 80, host: 8080 |
|||
|
|||
# Create a private network, which allows host-only access to the machine |
|||
# using a specific IP. |
|||
# config.vm.network "private_network", ip: "192.168.33.10" |
|||
|
|||
# Create a public network, which generally matched to bridged network. |
|||
# Bridged networks make the machine appear as another physical device on |
|||
# your network. |
|||
# config.vm.network "public_network" |
|||
|
|||
# Share an additional folder to the guest VM. The first argument is |
|||
# the path on the host to the actual folder. The second argument is |
|||
# the path on the guest to mount the folder. And the optional third |
|||
# argument is a set of non-required options. |
|||
# config.vm.synced_folder "data", "/vagrant_data" |
|||
# config.vm.synced_folder "..", "/root/mi-lxc", create:true, type:"rsync", |
|||
# rsync__exclude: [".git/", "zzlocal/", "vagrant/"] |
|||
|
|||
# Provider-specific configuration so you can fine-tune various |
|||
# backing providers for Vagrant. These expose provider-specific options. |
|||
# Example for VirtualBox: |
|||
# |
|||
config.vm.provider "virtualbox" do |vb| |
|||
# # Display the VirtualBox GUI when booting the machine |
|||
# vb.gui = true |
|||
# |
|||
# # Customize the amount of memory on the VM: |
|||
vb.memory = "4096" |
|||
vb.cpus="2" |
|||
vb.name = "kaz-vm" |
|||
vb.customize ["modifyvm", :id, "--vram", "64", "--clipboard-mode", "bidirectional", '--graphicscontroller', 'vmsvga', '--natnet1', '192.168.64.0/24'] |
|||
vb.gui = true |
|||
|
|||
end |
|||
|
|||
# Define a Vagrant Push strategy for pushing to Atlas. Other push strategies |
|||
# such as FTP and Heroku are also available. See the documentation at |
|||
# https://docs.vagrantup.com/v2/push/atlas.html for more information. |
|||
# config.push.define "atlas" do |push| |
|||
# push.app = "YOUR_ATLAS_USERNAME/YOUR_APPLICATION_NAME" |
|||
# end |
|||
|
|||
# Enable provisioning with a shell script. Additional provisioners such as |
|||
# Puppet, Chef, Ansible, Salt, and Docker are also available. Please see the |
|||
# documentation for more information about their specific syntax and use. |
|||
|
|||
#permet d'avoir un répertoire partagé entre la VM et le host |
|||
config.vm.synced_folder "/tmp/", "/tmp_host" |
|||
config.vm.synced_folder "files/", "/root/kaz-vagrant" |
|||
|
|||
config.vm.provision "shell" do |s| |
|||
s.inline = "/vagrant/files/vm-provision.sh" |
|||
s.env = {"KAZGUARD" => "true", "HOSTLANG" => ENV['LANG'], "NOKAZ" => ENV['NOKAZ'], "KAZBRANCH" => ENV['KAZBRANCH']} |
|||
end |
|||
end |
Before Width: | Height: | Size: 156 KiB After Width: | Height: | Size: 103 KiB |
@ -0,0 +1,42 @@ |
|||
#!/bin/bash |
|||
|
|||
PROXY="192.168.0.121:3128" |
|||
REGISTRY="192.168.0.121:5000" |
|||
|
|||
# Pour le proxy http/https (https sans cache) avec iptables |
|||
cat >> /etc/rc.local <<EOF |
|||
#!/bin/sh |
|||
PROXY=${PROXY} |
|||
iptables -t nat -A PREROUTING -p tcp -m tcp --dport 3142 -j DNAT --to \${PROXY} |
|||
iptables -t nat -A OUTPUT -p tcp -m tcp --dport 3142 -j DNAT --to \${PROXY} |
|||
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE |
|||
EOF |
|||
chmod +x /etc/rc.local |
|||
echo "net.ipv4.conf.eth0.route_localnet=1" >> /etc/sysctl.conf |
|||
sysctl -p |
|||
# fin proxy |
|||
|
|||
# Pour le cache docker |
|||
cat >> /etc/rc.local <<EOF |
|||
REGISTRY=${REGISTRY} |
|||
iptables -t nat -A PREROUTING -p tcp -m tcp --dport 5000 -j DNAT --to \${REGISTRY} |
|||
EOF |
|||
# fin cache docker |
|||
|
|||
|
|||
bash /etc/rc.local |
|||
|
|||
# Un peu de customisation |
|||
DEBIAN_FRONTEND=noninteractive apt-get install -y vim rsync |
|||
rsync -a /vagrant/files/.emacs* /root/ |
|||
|
|||
|
|||
### |
|||
# Une autre façon de router vers un autre proxy http/https upstream, si on veut que la VM fasse le cache |
|||
### |
|||
# Pour le proxy http/https (https sans cache) avec squid config |
|||
#echo "cache_peer $(cut -d':' -f1 <<< $PROXY) parent $(cut -d':' -f2 <<< $PROXY) 0 no-query default |
|||
#acl all src 0.0.0.0/0.0.0.0 |
|||
#http_access allow all |
|||
#never_direct allow all" >> /etc/squid/squid.conf |
|||
#service squid restart |
@ -0,0 +1,25 @@ |
|||
# -- fichier de création des comptes KAZ |
|||
# -- |
|||
# -- 1 ligne par compte |
|||
# -- champs séparés par ;. les espaces en début et en fin sont enlevés |
|||
# -- laisser vide si pas de donnée |
|||
# -- pas d'espace dans les variables |
|||
# -- |
|||
# -- ORGA: nom de l'organisation (max 15 car), vide sinon |
|||
# -- ADMIN_ORGA: O/N indique si le user est admin de l'orga (va le créer comme admin du NC de l'orga et admin de l'équipe agora) |
|||
# -- NC_ORGA: O/N indique si l'orga a demandé un NC |
|||
# -- GARRADIN_ORGA: O/N indique si l'orga a demandé un garradin |
|||
# -- WP_ORGA: O/N indique si l'orga a demandé un wp |
|||
# -- AGORA_ORGA: O/N indique si l'orga a demandé un mattermost |
|||
# -- WIKI_ORGA: O/N indique si l'orga a demandé un wiki |
|||
# -- NC_BASE: O/N indique si le user doit être inscrit dans le NC de base |
|||
# -- GROUPE_NC_BASE: soit null soit le groupe dans le NC de base |
|||
# -- EQUIPE_AGORA: soit null soit equipe agora (max 15 car) |
|||
# -- QUOTA=(1/10/20/...) en GB |
|||
# -- |
|||
# NOM ; PRENOM ; EMAIL_SOUHAITE ; EMAIL_SECOURS ; ORGA ; ADMIN_ORGA ; NC_ORGA ; GARRADIN_ORGA ; WP_ORGA ; AGORA_ORGA ; WIKI_ORGA ; NC_BASE ; GROUPE_NC_BASE ; EQUIPE_AGORA ; QUOTA |
|||
|
|||
Hello1;Contact1;contact1@kaz.sns;contact2@kaz.sns; ;N;N;N;N;N;N;N; ; ;1;tototototo |
|||
Hello2;Contact2;contact2@kaz.sns;contact2@kaz.sns; ;N;N;N;N;N;N;N; ; ;1;tototototo |
|||
Hello3;Contact3;contact3@kaz.sns;contact2@kaz.sns; ;N;N;N;N;N;N;N; ; ;10;tototototo |
|||
Hello4;Contact4;contact4@kaz.sns;contact2@kaz.sns; ;N;N;N;N;N;N;N; ; ;10;tototototo |
@ -1,3 +1,4 @@ |
|||
# e-mail server composer |
|||
ldap |
|||
postfix |
|||
sympa |
@ -0,0 +1,2 @@ |
|||
proxy |
|||
#traefik |
@ -0,0 +1,52 @@ |
|||
#!/bin/bash |
|||
if [ -z "${SNSTERGUARD}" ] ; then |
|||
exit 1 |
|||
fi |
|||
|
|||
DIR=$(cd "$(dirname $0)"; pwd) |
|||
cd "${DIR}" |
|||
set -e |
|||
export OUTPUT_DIR="/root/install" |
|||
|
|||
|
|||
mkdir -p "${OUTPUT_DIR}/log/" |
|||
export DebugLog="${OUTPUT_DIR}/log/log-kaz-$(date +%y-%m-%d-%T)-" |
|||
( |
|||
echo "########## ********** Start kaz.sh $(date +%D-%T)" |
|||
|
|||
docker-clean -a |
|||
rm -rf /kaz |
|||
|
|||
if [ -z "${KAZBRANCH}" ] ; then |
|||
KAZBRANCH="master" |
|||
fi |
|||
echo -e "\n #### git checkout ${KAZBRANCH}\n" |
|||
|
|||
# copie des sources |
|||
cd / |
|||
git clone https://git.kaz.bzh/KAZ/kaz.git |
|||
(cd /kaz ; git checkout "${KAZBRANCH}" ) |
|||
|
|||
cp "${DIR}/kaz-config/dockers.env" /kaz/config/dockers.env |
|||
for type in mail orga proxy withMail withoutMail ; do |
|||
[ -f "${DIR}/kaz-config/container-${type}.list" ] && |
|||
cp "${DIR}/kaz-config/container-${type}.list" /kaz/config/ |
|||
done |
|||
|
|||
echo -e "\n #### secretGen\n" |
|||
/kaz/bin/secretGen.sh |
|||
|
|||
echo -e "\n #### install\n" |
|||
/kaz/bin/install.sh |
|||
|
|||
# On crée quelques comptes |
|||
mkdir -p /kaz/tmp |
|||
cp /root/createUser.txt /kaz/tmp/ |
|||
/kaz/bin/createUser.sh -e || true |
|||
|
|||
# clear apt cache |
|||
DEBIAN_FRONTEND=noninteractive apt-get autoremove -y |
|||
DEBIAN_FRONTEND=noninteractive apt-get clean |
|||
|
|||
echo "########## ********** End kaz.sh $(date +%D-%T)" |
|||
) > >(tee ${DebugLog}stdout.log) 2> >(tee ${DebugLog}stderr.log >&2) |
@ -0,0 +1,43 @@ |
|||
$TTL 86400 |
|||
$ORIGIN kaz.sns. |
|||
@ 1D IN SOA ns.kaz.sns. hostmaster.kaz.sns. ( |
|||
2002022401 ; serial |
|||
3H ; refresh |
|||
15 ; retry |
|||
1w ; expire |
|||
3h ; nxdomain ttl |
|||
) |
|||
IN NS ns.kaz.sns. |
|||
IN MX 10 smtp.kaz.sns. |
|||
IN A 100.80.0.2 |
|||
ns IN A 100.80.0.2 |
|||
kaz1 IN A 100.80.0.2 |
|||
kaz2 IN A 100.81.0.2 |
|||
smtp IN CNAME kaz1 |
|||
imap IN CNAME kaz1 |
|||
www IN CNAME kaz1 |
|||
mail IN CNAME kaz1 |
|||
cloud IN CNAME kaz1 |
|||
tableur IN CNAME kaz1 |
|||
dashboard IN CNAME kaz1 |
|||
dashboard2 IN CNAME kaz2 |
|||
sondage IN CNAME kaz1 |
|||
webmail IN CNAME kaz1 |
|||
garradin IN CNAME kaz1 |
|||
wiki IN CNAME kaz1 |
|||
git IN CNAME kaz1 |
|||
office IN CNAME kaz1 |
|||
depot IN CNAME kaz1 |
|||
ldap IN CNAME kaz1 |
|||
mobilizon IN CNAME kaz1 |
|||
mdp IN CNAME kaz1 |
|||
koffre IN CNAME kaz1 |
|||
pad IN CNAME kaz1 |
|||
agora IN CNAME kaz1 |
|||
listes IN MX 10 listes |
|||
pad2 IN CNAME kaz2 |
|||
listes IN A 100.80.1.2 |
|||
firewall IN A 100.80.0.1 |
|||
firewall IN AAAA 2001:db8:80::0:1 |
|||
router IN A 100.80.0.1 |
|||
router IN AAAA 2001:db8:80::0:1 |
@ -0,0 +1,134 @@ |
|||
#!/bin/bash |
|||
# Target DMZ |
|||
set -e |
|||
if [ -z $SNSTERGUARD ] ; then exit 1; fi |
|||
DIR=`dirname $0` |
|||
cd `dirname $0` |
|||
|
|||
# disable systemd-resolved which conflicts with nsd |
|||
echo "DNSStubListener=no" >> /etc/systemd/resolved.conf |
|||
systemctl stop systemd-resolved |
|||
|
|||
DEBIAN_FRONTEND=noninteractive apt-get update |
|||
DEBIAN_FRONTEND=noninteractive apt-get remove -y apache2 |
|||
DEBIAN_FRONTEND=noninteractive apt-get autoremove -y |
|||
|
|||
|
|||
# Go KAZ ! |
|||
# KAZ specific things |
|||
#installation de docker, docker-compose et on y fourre le user debian dans le groupe idoine |
|||
|
|||
DEBIAN_FRONTEND=noninteractive apt-get install -y dos2unix jq ldapvi argon2 docker.io docker-clean git apg curl sudo unzip rsync btrfs-progs ldap-utils unaccent # fuse-overlayfs |
|||
usermod -G docker debian |
|||
|
|||
# docker-compose |
|||
curl -SL https://github.com/docker/compose/releases/download/v2.17.3/docker-compose-linux-x86_64 -o /usr/local/bin/docker-compose |
|||
sudo ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose |
|||
chmod +x /usr/bin/docker-compose |
|||
|
|||
# activation dans alias dans /root/.bashrc |
|||
sed -i \ |
|||
-e 's/^\# alias/alias/g' \ |
|||
-e 's/^\# export/export/g' \ |
|||
-e 's/^\# eval/eval/g' \ |
|||
/root/.bashrc |
|||
|
|||
if ! grep -q "for file in /dockers" /root/.bashrc 2>/dev/null; then |
|||
cat >> /root/.bashrc <<EOF |
|||
# enable bash completion in interactive shells |
|||
if ! shopt -oq posix; then |
|||
if [ -f /usr/share/bash-completion/bash_completion ]; then |
|||
. /usr/share/bash-completion/bash_completion |
|||
elif [ -f /etc/bash_completion ]; then |
|||
. /etc/bash_completion |
|||
fi |
|||
fi |
|||
for file in /kaz/bin/.*-completion.bash ; do |
|||
source "\${file}" |
|||
done |
|||
EOF |
|||
fi |
|||
|
|||
|
|||
# On met le GUARD pour la mise au point |
|||
echo "export SNSTERGUARD='true'" >> /root/.bashrc |
|||
|
|||
|
|||
# On place les certifs |
|||
cp -ar tls/root_ca.crt /usr/local/share/ca-certificates/ |
|||
/usr/sbin/update-ca-certificates --fresh |
|||
|
|||
mkdir -p /etc/letsencrypt/live/kaz.sns |
|||
cp tls/wildcard.crt /etc/letsencrypt/live/kaz.sns/fullchain.pem |
|||
cp tls/wildcard.key /etc/letsencrypt/live/kaz.sns/privkey.pem |
|||
|
|||
# On sauve le proxy APT |
|||
proxy=$(/sbin/ip route | awk '/default/ { print $3 }' | head -1) |
|||
sed -i -e "s/^proxy.*$/proxy=$proxy/" /usr/local/sbin/detect_proxy.sh |
|||
#echo "export http_proxy=\"http://$proxy:3142\"" > /etc/profile.d/proxy.sh |
|||
#echo "export https_proxy=\"http://$proxy:3142\"" >> /etc/profile.d/proxy.sh |
|||
|
|||
# Proxy pour les environnements durant les dockerbuilds |
|||
mkdir /root/.docker |
|||
echo "{ |
|||
\"proxies\": |
|||
{ |
|||
\"default\": |
|||
{ |
|||
\"httpProxy\": \"http://$proxy:3142\", |
|||
\"httpsProxy\": \"http://$proxy:3142\", |
|||
\"noProxy\": \"*.sns,127.0.0.1,localhost,127.0.0.0/8,100.64.0.0/10,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,agora\" |
|||
} |
|||
} |
|||
}" > /root/.docker/config.json |
|||
|
|||
# Proxy pour les docker pull -> commenté car pas de cache avec dockerhub |
|||
# echo "http_proxy=\"http://$proxy:3142\" |
|||
# https_proxy=\"http://$proxy:3142\" |
|||
# no_proxy=\"*.sns,127.0.0.0/8,100.64.0.0/10,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16\" |
|||
# " >> /etc/default/docker |
|||
|
|||
# On active btrfs+registry miroir pour docker |
|||
cat >> /etc/docker/daemon.json <<EOF |
|||
{ "storage-driver": "btrfs", |
|||
"registry-mirrors": ["http://$proxy:5000"] } |
|||
EOF |
|||
service docker restart |
|||
|
|||
# clear apt cache |
|||
DEBIAN_FRONTEND=noninteractive apt-get autoremove -y |
|||
DEBIAN_FRONTEND=noninteractive apt-get clean |
|||
|
|||
# On installe Kaz |
|||
ifconfig lo:0 100.80.0.2 |
|||
ifconfig lo:1 100.80.1.2 |
|||
echo "100.80.0.2 smtp imap www mail cloud cloud.kaz.sns tableur tableur.kaz.sns webmail webmail.kaz.sns garradin garradin.kaz.sns wiki wiki.kaz.sns git git.kaz.sns office office.kaz.sns depot depot.kaz.sns ldap ldap.kaz.sns mdp mdp.kaz.sns koffre koffre.kaz.sns pad pad.kaz.sns agora agora.kaz.sns dashboard dashboard.kaz.sns" >> /etc/hosts |
|||
echo "100.80.1.2 listes listes.kaz.sns" >> /etc/hosts |
|||
cp "${DIR}/kaz.sh" /root/kaz.sh |
|||
cp "${DIR}/createUser.txt" /root/ |
|||
cp -ar "${DIR}/kaz-config" /root/ |
|||
chmod +x /root/kaz.sh |
|||
bash "/root/kaz.sh" |
|||
sed -i -e "s/100.80.0.2.*//g" /etc/hosts |
|||
sed -i -e "s/100.80.1.2.*//g" /etc/hosts |
|||
|
|||
|
|||
# On démarre au boot |
|||
echo -e '#!/bin/sh\n/kaz/bin/container.sh start' >> /etc/rc.local |
|||
chmod +x /etc/rc.local |
|||
|
|||
|
|||
# notes fuse-overlayfs : |
|||
#mknod -m 666 /dev/fuse c 10 229 |
|||
#echo -e '#!/bin/sh\nmknod -m 666 /dev/fuse c 10 229' >> /etc/rc.local |
|||
#chmod +x /etc/rc.local |
|||
|
|||
# lxc.cgroup2.devices.allow = b 7:* rwm |
|||
# lxc.cgroup2.devices.allow = c 10:237 rwm |
|||
# |
|||
# mknod -m 666 /dev/loop0 b 7 0 |
|||
# mknod -m 666 /dev/loop-control c 10 237 |
|||
# truncate -s 30G /root/varlibdocker.img |
|||
# mkfs.btrfs /root/varlibdocker.img |
|||
# losetup -f /root/varlibdocker.img |
|||
# mount /dev/loop0 /var/lib/docker |
@ -0,0 +1,40 @@ |
|||
version: 1 |
|||
|
|||
header: |
|||
name: Hoster-B AS |
|||
comment: AS of the second hoster of Kaz CHATONS |
|||
|
|||
hosts: |
|||
router: |
|||
master: alpine |
|||
network: |
|||
interfaces: |
|||
eth0: |
|||
bridge: transit-a |
|||
ipv4: 100.64.0.11/24 |
|||
ipv6: 2001:db8:b000::11/48 |
|||
eth1: |
|||
bridge: hb-lan1 |
|||
ipv4: 100.81.0.1/24 |
|||
templates: |
|||
- bgprouter: |
|||
asn: 11 |
|||
asdev: eth1 |
|||
neighbors4: 100.64.0.1 as 30 |
|||
neighbors6: 2001:db8:b000::1 as 30 |
|||
- resolv: |
|||
ns: 100.100.100.100 |
|||
domain: kaz.sns |
|||
|
|||
kaz2: |
|||
network: |
|||
interfaces: |
|||
eth0: |
|||
bridge: hb-lan1 |
|||
ipv4: 100.81.0.2/24 |
|||
gatewayv4: 100.81.0.1 |
|||
templates: |
|||
- updatecaroots: |
|||
- resolv: |
|||
domain: kaz.sns |
|||
ns: 100.100.100.100 |
@ -0,0 +1,4 @@ |
|||
# e-mail server composer |
|||
#ldap |
|||
#postfix |
|||
#sympa |
@ -0,0 +1 @@ |
|||
# orga composer |
@ -0,0 +1,2 @@ |
|||
#proxy |
|||
traefik |
@ -0,0 +1,12 @@ |
|||
#cloud |
|||
#dokuwiki |
|||
#framadate |
|||
#garradin |
|||
#gitea |
|||
#jirafeau |
|||
#mattermost |
|||
#roundcube |
|||
#keycloak |
|||
#mobilizon |
|||
#vaultwarden |
|||
#ldap |
@ -0,0 +1,8 @@ |
|||
#cachet |
|||
#jirafeau |
|||
#ethercalc |
|||
#collabora |
|||
etherpad |
|||
#quotas |
|||
#web |
|||
#vigilo |
@ -0,0 +1,135 @@ |
|||
# Les variables d'environnements utilisées |
|||
# par les dockers via le lien : |
|||
# .env -> ../../config/dockers.env |
|||
|
|||
####################################### |
|||
# prod / dev / local |
|||
mode=local |
|||
|
|||
######################################## |
|||
# choix du domaine |
|||
# prod=kaz.bzh / dev=dev.kaz.bzh / local=kaz.local |
|||
domain=kaz.sns |
|||
|
|||
######################################## |
|||
# choix du domaine des mails sympa |
|||
# prod=kaz.bzh / dev=kaz2.ovh / local=kaz.local |
|||
domain_sympa=listes.kaz.sns |
|||
|
|||
######################################## |
|||
# choix d'un serveur partiel |
|||
# site=site-2 |
|||
site=kaz2 |
|||
acme_server="https://ca.mica.sns/acme/acme/directory" |
|||
|
|||
######################################## |
|||
# Pour garradin qui met en "dure" dans |
|||
# sa config l'URL pour l'atteindre |
|||
|
|||
# prod=https (gandi) / dev=https (letsencrypt) / local=http |
|||
httpProto=https |
|||
|
|||
# prod=89.234.186.111 / dev=192.168.57.1 / local=127.0.0.1 |
|||
MAIN_IP=100.81.0.2 |
|||
|
|||
# prod=89.234.186.151 / dev=192.168.57.2 / local=127.0.0.2 |
|||
SYMPA_IP=100.81.1.2 |
|||
|
|||
######################################## |
|||
# noms des services |
|||
|
|||
# ou www (mais bof) |
|||
webHost= |
|||
|
|||
cachetHost=cachet |
|||
calcHost=tableur |
|||
cloudHost=cloud |
|||
dateHost=sondage |
|||
dokuwikiHost=wiki |
|||
fileHost=depot |
|||
garHost=garradin |
|||
gitHost=git |
|||
gravHost=grav |
|||
ldapHost=ldap |
|||
matterHost=agora |
|||
officeHost=office |
|||
padHost=pad2 |
|||
quotasHost=quotas |
|||
smtpHost=smtp |
|||
sympaHost=listes |
|||
vigiloHost=vigilo |
|||
webmailHost=webmail |
|||
wordpressHost=wp |
|||
ldapUIHost=mdp |
|||
mobilizonHost=mobilizon |
|||
vaultwardenHost=koffre |
|||
traefikHost=dashboard2 |
|||
|
|||
######################################## |
|||
# ports internes |
|||
|
|||
matterPort=8000 |
|||
|
|||
######################################## |
|||
# noms des containers |
|||
|
|||
cachetServName=cachetServ |
|||
dokuwikiServName=dokuwikiServ |
|||
ethercalcServName=ethercalcServ |
|||
etherpadServName=etherpadServ |
|||
framadateServName=framadateServ |
|||
garradinServName=garradinServ |
|||
gitServName=gitServ |
|||
gravServName=gravServ |
|||
jirafeauServName=jirafeauServ |
|||
ldapServName=ldapServ |
|||
mattermostServName=mattermostServ |
|||
nextcloudServName=nextcloudServ |
|||
officeServName=officeServ |
|||
proxyServName=proxyServ |
|||
traefikServName=traefikServ |
|||
quotasServName=quotasServ |
|||
roundcubeServName=roundcubeServ |
|||
smtpServName=mailServ |
|||
sympaServName=sympaServ |
|||
vigiloServName=vigiloServ |
|||
webServName=webServ |
|||
wordpressServName=wpServ |
|||
mobilizonServName=mobilizonServ |
|||
vaultwardenServName=vaultwardenServ |
|||
|
|||
cachetDBName=cachetDB |
|||
ethercalcDBName=ethercalcDB |
|||
etherpadDBName=etherpadDB |
|||
framadateDBName=framadateDB |
|||
gitDBName=gitDB |
|||
mattermostDBName=mattermostDB |
|||
nextcloudDBName=nextcloudDB |
|||
quotasDBName=quotasDB |
|||
roundcubeDBName=roundcubeDB |
|||
sympaDBName=sympaDB |
|||
vigiloDBName=vigiloDB |
|||
wordpressDBName=wpDB |
|||
mobilizonDBName=mobilizonDB |
|||
vaultwardenDBName=vaultwardenDB |
|||
|
|||
ldapUIName=ldapUI |
|||
|
|||
######################################## |
|||
# politique de redémarrage |
|||
# prod=always / test=unless-stopped / local=no |
|||
restartPolicy=no |
|||
|
|||
######################################## |
|||
# devrait être dans env-jirafeauServ |
|||
# mais seuls les variables de ".env" sont |
|||
# utilisables pour le montage des volumes |
|||
|
|||
jirafeauDir=/var/jirafeauData/lkuDM16R5Sp4QHr/ |
|||
|
|||
ldap_root=dc=kaz,dc=sns |
|||
|
|||
######################################## |
|||
# services activés par container.sh |
|||
# variables d'environneements utilisées |
|||
# pour le tmpl du mandataire (proxy) |
@ -0,0 +1,50 @@ |
|||
#!/bin/bash |
|||
if [ -z "${SNSTERGUARD}" ] ; then |
|||
exit 1 |
|||
fi |
|||
|
|||
DIR=$(cd "$(dirname $0)"; pwd) |
|||
cd "${DIR}" |
|||
set -e |
|||
export OUTPUT_DIR="/root/install" |
|||
|
|||
|
|||
mkdir -p "${OUTPUT_DIR}/log/" |
|||
export DebugLog="${OUTPUT_DIR}/log/log-kaz-$(date +%y-%m-%d-%T)-" |
|||
( |
|||
echo "########## ********** Start kaz.sh $(date +%D-%T)" |
|||
|
|||
docker-clean -a |
|||
rm -rf /kaz |
|||
|
|||
if [ -z "${KAZBRANCH}" ] ; then |
|||
KAZBRANCH="master" |
|||
fi |
|||
echo -e "\n #### git checkout ${KAZBRANCH}\n" |
|||
|
|||
# copie des sources |
|||
cd / |
|||
git clone https://git.kaz.bzh/KAZ/kaz.git |
|||
(cd /kaz ; git checkout "${KAZBRANCH}" ) |
|||
|
|||
cp "${DIR}/kaz-config/dockers.env" /kaz/config/dockers.env |
|||
for type in mail orga proxy withMail withoutMail ; do |
|||
[ -f "${DIR}/kaz-config/container-${type}.list" ] && |
|||
cp "${DIR}/kaz-config/container-${type}.list" /kaz/config/ |
|||
done |
|||
|
|||
# copie certif de la CA locale pour traefik (nécessaire pour ACME/Smallstep) |
|||
cp /usr/local/share/ca-certificates/root_ca.crt /kaz/dockers/traefik/conf/ |
|||
|
|||
echo -e "\n #### secretGen\n" |
|||
/kaz/bin/secretGen.sh |
|||
|
|||
echo -e "\n #### install\n" |
|||
/kaz/bin/install.sh |
|||
|
|||
# clear apt cache |
|||
DEBIAN_FRONTEND=noninteractive apt-get autoremove -y |
|||
DEBIAN_FRONTEND=noninteractive apt-get clean |
|||
|
|||
echo "########## ********** End kaz.sh $(date +%D-%T)" |
|||
) > >(tee ${DebugLog}stdout.log) 2> >(tee ${DebugLog}stderr.log >&2) |
@ -0,0 +1,131 @@ |
|||
#!/bin/bash |
|||
# Target DMZ |
|||
set -e |
|||
if [ -z $SNSTERGUARD ] ; then exit 1; fi |
|||
DIR=`dirname $0` |
|||
cd `dirname $0` |
|||
|
|||
# disable systemd-resolved which conflicts with nsd |
|||
echo "DNSStubListener=no" >> /etc/systemd/resolved.conf |
|||
systemctl stop systemd-resolved |
|||
|
|||
DEBIAN_FRONTEND=noninteractive apt-get update |
|||
DEBIAN_FRONTEND=noninteractive apt-get remove -y apache2 |
|||
DEBIAN_FRONTEND=noninteractive apt-get autoremove -y |
|||
|
|||
|
|||
# Go KAZ ! |
|||
# KAZ specific things |
|||
#installation de docker, docker-compose et on y fourre le user debian dans le groupe idoine |
|||
|
|||
DEBIAN_FRONTEND=noninteractive apt-get install -y dos2unix jq ldapvi argon2 docker.io docker-clean git apg curl sudo unzip rsync btrfs-progs ldap-utils unaccent # fuse-overlayfs |
|||
usermod -G docker debian |
|||
|
|||
# docker-compose |
|||
curl -SL https://github.com/docker/compose/releases/download/v2.17.3/docker-compose-linux-x86_64 -o /usr/local/bin/docker-compose |
|||
sudo ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose |
|||
chmod +x /usr/bin/docker-compose |
|||
|
|||
# activation dans alias dans /root/.bashrc |
|||
sed -i \ |
|||
-e 's/^\# alias/alias/g' \ |
|||
-e 's/^\# export/export/g' \ |
|||
-e 's/^\# eval/eval/g' \ |
|||
/root/.bashrc |
|||
|
|||
if ! grep -q "for file in /dockers" /root/.bashrc 2>/dev/null; then |
|||
cat >> /root/.bashrc <<EOF |
|||
# enable bash completion in interactive shells |
|||
if ! shopt -oq posix; then |
|||
if [ -f /usr/share/bash-completion/bash_completion ]; then |
|||
. /usr/share/bash-completion/bash_completion |
|||
elif [ -f /etc/bash_completion ]; then |
|||
. /etc/bash_completion |
|||
fi |
|||
fi |
|||
for file in /kaz/bin/.*-completion.bash ; do |
|||
source "\${file}" |
|||
done |
|||
EOF |
|||
fi |
|||
|
|||
|
|||
# On met le GUARD pour la mise au point |
|||
echo "export SNSTERGUARD='true'" >> /root/.bashrc |
|||
|
|||
|
|||
# On place les certifs |
|||
cp -ar tls/root_ca.crt /usr/local/share/ca-certificates/ |
|||
/usr/sbin/update-ca-certificates --fresh |
|||
|
|||
mkdir -p /etc/letsencrypt/live/kaz.sns |
|||
cp tls/wildcard.crt /etc/letsencrypt/live/kaz.sns/fullchain.pem |
|||
cp tls/wildcard.key /etc/letsencrypt/live/kaz.sns/privkey.pem |
|||
|
|||
# On sauve le proxy APT |
|||
proxy=$(/sbin/ip route | awk '/default/ { print $3 }' | head -1) |
|||
sed -i -e "s/^proxy.*$/proxy=$proxy/" /usr/local/sbin/detect_proxy.sh |
|||
#echo "export http_proxy=\"http://$proxy:3142\"" > /etc/profile.d/proxy.sh |
|||
#echo "export https_proxy=\"http://$proxy:3142\"" >> /etc/profile.d/proxy.sh |
|||
|
|||
# Proxy pour les environnements durant les dockerbuilds |
|||
mkdir /root/.docker |
|||
echo "{ |
|||
\"proxies\": |
|||
{ |
|||
\"default\": |
|||
{ |
|||
\"httpProxy\": \"http://$proxy:3142\", |
|||
\"httpsProxy\": \"http://$proxy:3142\", |
|||
\"noProxy\": \"*.sns,127.0.0.1,localhost,127.0.0.0/8,100.64.0.0/10,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,agora\" |
|||
} |
|||
} |
|||
}" > /root/.docker/config.json |
|||
|
|||
# Proxy pour les docker pull -> commenté car pas de cache avec dockerhub |
|||
# echo "http_proxy=\"http://$proxy:3142\" |
|||
# https_proxy=\"http://$proxy:3142\" |
|||
# no_proxy=\"*.sns,127.0.0.0/8,100.64.0.0/10,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16\" |
|||
# " >> /etc/default/docker |
|||
|
|||
# On active btrfs+registry miroir pour docker |
|||
cat >> /etc/docker/daemon.json <<EOF |
|||
{ "storage-driver": "btrfs", |
|||
"registry-mirrors": ["http://$proxy:5000"] } |
|||
EOF |
|||
service docker restart |
|||
|
|||
# clear apt cache |
|||
DEBIAN_FRONTEND=noninteractive apt-get autoremove -y |
|||
DEBIAN_FRONTEND=noninteractive apt-get clean |
|||
|
|||
# On installe Kaz |
|||
docker network create postfixNet # temp fix |
|||
ifconfig lo:0 100.81.0.2 |
|||
echo "100.81.0.2 smtp imap www mail cloud cloud.kaz.sns tableur tableur.kaz.sns webmail webmail.kaz.sns garradin garradin.kaz.sns wiki wiki.kaz.sns git git.kaz.sns office office.kaz.sns depot depot.kaz.sns ldap ldap.kaz.sns mdp mdp.kaz.sns koffre koffre.kaz.sns pad pad.kaz.sns agora agora.kaz.sns dashboard dashboard.kaz.sns" >> /etc/hosts |
|||
cp "${DIR}/kaz.sh" /root/kaz.sh |
|||
cp -ar "${DIR}/kaz-config" /root/ |
|||
chmod +x /root/kaz.sh |
|||
bash "/root/kaz.sh" |
|||
sed -i -e "s/100.81.0.2.*//g" /etc/hosts |
|||
|
|||
|
|||
# On démarre au boot |
|||
echo -e '#!/bin/sh\n/kaz/bin/container.sh start' >> /etc/rc.local |
|||
chmod +x /etc/rc.local |
|||
|
|||
|
|||
# notes fuse-overlayfs : |
|||
#mknod -m 666 /dev/fuse c 10 229 |
|||
#echo -e '#!/bin/sh\nmknod -m 666 /dev/fuse c 10 229' >> /etc/rc.local |
|||
#chmod +x /etc/rc.local |
|||
|
|||
# lxc.cgroup2.devices.allow = b 7:* rwm |
|||
# lxc.cgroup2.devices.allow = c 10:237 rwm |
|||
# |
|||
# mknod -m 666 /dev/loop0 b 7 0 |
|||
# mknod -m 666 /dev/loop-control c 10 237 |
|||
# truncate -s 30G /root/varlibdocker.img |
|||
# mkfs.btrfs /root/varlibdocker.img |
|||
# losetup -f /root/varlibdocker.img |
|||
# mount /dev/loop0 /var/lib/docker |
@ -1,71 +0,0 @@ |
|||
#!/bin/bash |
|||
if [ -z "${SNSTERGUARD}" ] ; then |
|||
exit 1 |
|||
fi |
|||
|
|||
DIR=$(cd "$(dirname $0)"; pwd) |
|||
cd "${DIR}" |
|||
set -e |
|||
export OUTPUT_DIR="/root/install" |
|||
|
|||
|
|||
mkdir -p "${OUTPUT_DIR}/log/" |
|||
export DebugLog="${OUTPUT_DIR}/log/log-kaz-$(date +%y-%m-%d-%T)-" |
|||
( |
|||
echo "########## ********** Start kaz.sh $(date +%D-%T)" |
|||
|
|||
docker-clean -a |
|||
rm -rf /kaz |
|||
|
|||
if [ -z "${KAZBRANCH}" ] ; then |
|||
KAZBRANCH="master" |
|||
fi |
|||
echo -e "\n #### git checkout ${KAZBRANCH}\n" |
|||
|
|||
|
|||
# copie des sources |
|||
cd / |
|||
[ -f kaz ] || git clone https://git.kaz.bzh/KAZ/kaz.git |
|||
(cd /kaz ; git checkout "${KAZBRANCH}" ) |
|||
find /kaz -name \*.sh -exec chmod a+x {} \; |
|||
|
|||
# pour ceux qui disposent d'un cache apt local et pas la fibre |
|||
if [ -f "${DIR}/.apt-mirror-config" ]; then |
|||
rsync -a "${DIR}/.apt-mirror-config" /kaz/ |
|||
fi |
|||
if [ -f "${DIR}/.proxy-config" ]; then |
|||
rsync -a "${DIR}/.proxy-config" /etc/profile.d/proxy.sh |
|||
rsync -a "${DIR}/.proxy-config" /kaz/ |
|||
fi |
|||
if [ -f "${DIR}/.docker-config.json" ]; then |
|||
mkdir -p /root/.docker |
|||
rsync -a "${DIR}/.docker-config.json" /root/.docker/config.json |
|||
fi |
|||
|
|||
|
|||
|
|||
echo -e "\n #### rsync download\n" |
|||
[ -d "${DIR}/kaz/download" ] && |
|||
rsync -a "${DIR}/kaz/download/" /kaz/download/ |
|||
[ -d "${DIR}/kaz/git" ] && |
|||
rsync -a "${DIR}/kaz/git/" /kaz/git/ |
|||
[ -f "${DIR}/kaz/config/dockers.env" ] && |
|||
[ ! -f "/kaz/config/dockers.env" ] && |
|||
rsync -a "${DIR}/kaz/config/dockers.env" /kaz/config/dockers.env |
|||
for type in mail orga proxy withMail withoutMail ; do |
|||
[ -f "${DIR}/kaz/config/container-${type}.list" ] && |
|||
[ ! -f "/kaz/config/config/container-${type}.list" ] && |
|||
rsync -a "${DIR}/kaz/config/container-${type}.list" /kaz/config/ |
|||
done |
|||
|
|||
echo -e "\n #### secretGen\n" |
|||
/kaz/bin/secretGen.sh |
|||
|
|||
/kaz/bin/install.sh |
|||
|
|||
# clear apt cache |
|||
DEBIAN_FRONTEND=noninteractive apt-get autoremove -y |
|||
DEBIAN_FRONTEND=noninteractive apt-get clean |
|||
|
|||
echo "########## ********** End kaz.sh $(date +%D-%T)" |
|||
) > >(tee ${DebugLog}stdout.log) 2> >(tee ${DebugLog}stderr.log >&2) |
@ -1,33 +0,0 @@ |
|||
$TTL 86400 |
|||
$ORIGIN kaz.sns. |
|||
@ 1D IN SOA ns.kaz.sns. hostmaster.kaz.sns. ( |
|||
2002022401 ; serial |
|||
3H ; refresh |
|||
15 ; retry |
|||
1w ; expire |
|||
3h ; nxdomain ttl |
|||
) |
|||
IN NS ns.kaz.sns. |
|||
IN MX 10 smtp.kaz.sns. |
|||
IN A 100.80.0.2 |
|||
ns IN A 100.80.0.2 |
|||
dmz IN A 100.80.0.2 |
|||
smtp IN CNAME dmz |
|||
imap IN CNAME dmz |
|||
www IN CNAME dmz |
|||
mail IN CNAME dmz |
|||
cloud IN CNAME dmz |
|||
tableur IN CNAME dmz |
|||
webmail IN CNAME dmz |
|||
garradin IN CNAME dmz |
|||
wiki IN CNAME dmz |
|||
git IN CNAME dmz |
|||
office IN CNAME dmz |
|||
depot IN CNAME dmz |
|||
ldap IN CNAME dmz |
|||
listes IN MX 10 listes |
|||
listes IN A 100.80.1.2 |
|||
firewall IN A 100.80.0.1 |
|||
firewall IN AAAA 2001:db8:80::0:1 |
|||
router IN A 100.80.0.1 |
|||
router IN AAAA 2001:db8:80::0:1 |
@ -1 +0,0 @@ |
|||
proxy |
@ -1,85 +0,0 @@ |
|||
#!/bin/bash |
|||
# Target DMZ |
|||
set -e |
|||
if [ -z $SNSTERGUARD ] ; then exit 1; fi |
|||
DIR=`dirname $0` |
|||
cd `dirname $0` |
|||
|
|||
# disable systemd-resolved which conflicts with nsd |
|||
echo "DNSStubListener=no" >> /etc/systemd/resolved.conf |
|||
systemctl stop systemd-resolved |
|||
|
|||
DEBIAN_FRONTEND=noninteractive apt-get update |
|||
DEBIAN_FRONTEND=noninteractive apt-get remove -y apache2 |
|||
DEBIAN_FRONTEND=noninteractive apt-get autoremove -y |
|||
|
|||
|
|||
# Go KAZ ! |
|||
# KAZ specific things |
|||
#installation de docker, docker-compose et on y fourre le user debian dans le groupe idoine |
|||
|
|||
DEBIAN_FRONTEND=noninteractive apt-get install -y docker.io docker-compose docker-clean git apg curl sudo unzip rsync btrfs-progs ldap-utils # fuse-overlayfs |
|||
usermod -G docker debian |
|||
# activation dans alias dans /root/.bashrc |
|||
sed -i \ |
|||
-e 's/^\# alias/alias/g' \ |
|||
-e 's/^\# export/export/g' \ |
|||
-e 's/^\# eval/eval/g' \ |
|||
/root/.bashrc |
|||
|
|||
if ! grep -q "for file in /dockers" /root/.bashrc 2>/dev/null; then |
|||
cat >> /root/.bashrc <<EOF |
|||
# enable bash completion in interactive shells |
|||
if ! shopt -oq posix; then |
|||
if [ -f /usr/share/bash-completion/bash_completion ]; then |
|||
. /usr/share/bash-completion/bash_completion |
|||
elif [ -f /etc/bash_completion ]; then |
|||
. /etc/bash_completion |
|||
fi |
|||
fi |
|||
for file in /kaz/bin/.*-completion.bash ; do |
|||
source "\${file}" |
|||
done |
|||
EOF |
|||
fi |
|||
|
|||
|
|||
# On met le GUARD pour la mise au point |
|||
echo "export SNSTERGUARD='true'" >> /root/.bashrc |
|||
|
|||
# On active fuse-overlayfs pour docker |
|||
cat >> /etc/docker/daemon.json <<EOF |
|||
{ "storage-driver": "btrfs" } |
|||
EOF |
|||
service docker restart |
|||
|
|||
#mknod -m 666 /dev/fuse c 10 229 |
|||
#echo -e '#!/bin/sh\nmknod -m 666 /dev/fuse c 10 229' >> /etc/rc.local |
|||
#chmod +x /etc/rc.local |
|||
|
|||
# lxc.cgroup2.devices.allow = b 7:* rwm |
|||
# lxc.cgroup2.devices.allow = c 10:237 rwm |
|||
# |
|||
# mknod -m 666 /dev/loop0 b 7 0 |
|||
# mknod -m 666 /dev/loop-control c 10 237 |
|||
# truncate -s 30G /root/varlibdocker.img |
|||
# mkfs.btrfs /root/varlibdocker.img |
|||
# losetup -f /root/varlibdocker.img |
|||
# mount /dev/loop0 /var/lib/docker |
|||
|
|||
# On place les certifs |
|||
if [ -d letsencrypt ]; then |
|||
cp -ar letsencrypt /etc/ |
|||
cp /etc/letsencrypt/local/rootCA.pem /usr/local/share/ca-certificates/rootCA.crt |
|||
/usr/sbin/update-ca-certificates --fresh |
|||
fi |
|||
|
|||
# ./kaz.sh |
|||
|
|||
# On démarre au boot |
|||
echo -e '#!/bin/sh\n/kaz/bin/container.sh start' >> /etc/rc.local |
|||
chmod +x /etc/rc.local |
|||
|
|||
# clear apt cache |
|||
DEBIAN_FRONTEND=noninteractive apt-get autoremove -y |
|||
DEBIAN_FRONTEND=noninteractive apt-get clean |
@ -1,20 +0,0 @@ |
|||
#!/bin/bash |
|||
# Installation de Kaz |
|||
|
|||
if [ -z "${KAZGUARD}" ] ; then |
|||
exit 1 |
|||
fi |
|||
|
|||
snster -c /root/snster-kaz start |
|||
sleep 10 |
|||
snster -c /root/snster-kaz attach kaz-prod -x /mnt/snster/root/snster-kaz/kaz/prod/kaz.sh |
|||
|
|||
# On crée quelques mails |
|||
SETUP_MAIL="docker exec mailServ setup" |
|||
snster -c /root/snster-kaz attach kaz-prod -x "${SETUP_MAIL} email add contact1@kaz.sns toto" |
|||
snster -c /root/snster-kaz attach kaz-prod -x "${SETUP_MAIL} email add contact2@kaz.sns toto" |
|||
snster -c /root/snster-kaz attach kaz-prod -x "${SETUP_MAIL} email add contact3@kaz.sns toto" |
|||
snster -c /root/snster-kaz attach kaz-prod -x "${SETUP_MAIL} email add contact4@kaz.sns toto" |
|||
|
|||
echo -e '#!/bin/sh\nsnster -c /root/snster-kaz start' >> /etc/rc.local |
|||
chmod +x /etc/rc.local |
@ -1,162 +0,0 @@ |
|||
#!/bin/bash |
|||
|
|||
### Personalisation de la VM |
|||
|
|||
cd "$(dirname $0)" |
|||
|
|||
BOLD='[1m' |
|||
RED='[0;31m' |
|||
GREEN='[0;32m' |
|||
YELLOW='[0;33m' |
|||
BLUE='[0;34m' |
|||
MAGENTA='[0;35m' |
|||
CYAN='[0;36m' |
|||
NC='[0m' # No Color |
|||
NL=' |
|||
' |
|||
|
|||
mkdir -p ./files/kaz/log/ ./files/kaz/download/ ./files/kaz/git/ |
|||
chmod a+rxw ./files/kaz/log/ ./files/kaz/download/ ./files/kaz/git/ |
|||
|
|||
cp Vagrantfile.dist Vagrantfile |
|||
|
|||
OLD_MEN=$(grep vb.memory Vagrantfile | sed -e 's%.*vb.memory\s*=\s*"\([^"]*\)".*%\1%') |
|||
OLD_CUPS=$(grep vb.cpus Vagrantfile | sed -e 's%.*vb.cpus\s*=\s*"\([^"]*\)".*%\1%') |
|||
MEM=$(expr $(head -1 /proc/meminfo | awk '{print $2}') / 4096) |
|||
CUP=$(expr $(nproc) / 2) |
|||
|
|||
cat <<EOF |
|||
${GREEN}${BOLD} |
|||
MEM: ${OLD_MEN} => ${MEM} |
|||
CUP: ${OLD_CUPS} => ${CUP} |
|||
${NC} |
|||
Update './Vagrantfile' |
|||
EOF |
|||
|
|||
sed -i Vagrantfile \ |
|||
-e 's%vb.memory\s*=\s*"[^"]*"%vb.memory = "'${MEM}'"%' \ |
|||
-e 's%vb.cpus\s*=\s*"[^"]*"%vb.cpus = "'${CUP}'"%' |
|||
|
|||
|
|||
APT_CONF="files/.apt-mirror-config" |
|||
if [ -f "${APT_CONF}" ]; then |
|||
. "${APT_CONF}" |
|||
fi |
|||
|
|||
### Personalisation d'un cache apt |
|||
if [ -z "${APT_MIRROR_DEBIAN}" ]; then |
|||
APT_MIRROR_DEBIAN=$(grep "deb\s.*/debian[^-]" /etc/apt/sources.list | head -1 | sed -e "s%.*deb\s.*://\([^/]*\)/debian.*%\1%") |
|||
fi |
|||
if [ -z "${APT_MIRROR_DEBIAN_SECURITY}" ]; then |
|||
APT_MIRROR_DEBIAN_SECURITY=$(grep "deb\s.*/debian-security" /etc/apt/sources.list | head -1 | sed -e "s%.*deb\s.*://\([^/]*\)/debian-security.*%\1%") |
|||
fi |
|||
if [ -z "${APT_MIRROR_UBUNTU}" ]; then |
|||
APT_MIRROR_UBUNTU=$(grep "deb\s.*://\([^/]*\)/ubuntu" /etc/apt/sources.list | head -1 | sed -e "s%.*deb\s.*://\([^/]*\)/ubuntu.*%\1%") |
|||
fi |
|||
if [ -z "${APT_MIRROR_UBUNTU_SECURITY}" ]; then |
|||
APT_MIRROR_UBUNTU_SECURITY=$(grep "deb\s.*://\([^/]*\)/ubuntu.*-security" /etc/apt/sources.list | head -1 | sed -e "s%.*deb\s.*://\([^/]*\)/ubuntu.*%\1%") |
|||
fi |
|||
|
|||
if [ -z "${APT_MIRROR_UBUNTU}" ]; then |
|||
APT_MIRROR_UBUNTU="${APT_MIRROR_DEBIAN}" |
|||
fi |
|||
if [ -z "${APT_MIRROR_UBUNTU_SECURITY}" ]; then |
|||
APT_MIRROR_UBUNTU_SECURITY="${APT_MIRROR_DEBIAN_SECURITY}" |
|||
fi |
|||
|
|||
while : ; do |
|||
cat <<EOF |
|||
${GREEN}${BOLD} |
|||
APT_MIRROR_DEBIAN=${APT_MIRROR_DEBIAN} |
|||
APT_MIRROR_DEBIAN_SECURITY=${APT_MIRROR_DEBIAN_SECURITY} |
|||
APT_MIRROR_UBUNTU=${APT_MIRROR_UBUNTU} |
|||
APT_MIRROR_UBUNTU_SECURITY=${APT_MIRROR_UBUNTU_SECURITY} |
|||
${NC} |
|||
EOF |
|||
|
|||
read -p "Update '${APT_CONF}' (ip:port or y/n)? [no] " proxy |
|||
case "${proxy}" in |
|||
*:* ) |
|||
APT_MIRROR_DEBIAN=${proxy} |
|||
APT_MIRROR_DEBIAN_SECURITY=${proxy} |
|||
APT_MIRROR_UBUNTU=${proxy} |
|||
APT_MIRROR_UBUNTU_SECURITY=${proxy} |
|||
;; |
|||
[YyOo]* ) |
|||
cat > "${APT_CONF}" <<EOF |
|||
# Generated by $(pwd)$(basename $0) |
|||
# $(date "+%x %X") |
|||
|
|||
APT_MIRROR_DEBIAN=${APT_MIRROR_DEBIAN} |
|||
APT_MIRROR_DEBIAN_SECURITY=${APT_MIRROR_DEBIAN_SECURITY} |
|||
APT_MIRROR_UBUNTU=${APT_MIRROR_UBUNTU} |
|||
APT_MIRROR_UBUNTU_SECURITY=${APT_MIRROR_UBUNTU_SECURITY} |
|||
EOF |
|||
break;; |
|||
""|[Nn]* ) break;; |
|||
* ) echo "Please answer ip:port, yes or no.";; |
|||
|
|||
esac |
|||
done |
|||
|
|||
|
|||
PROXY_CONF="files/.proxy-config" |
|||
if [ -f "${PROXY_CONF}" ]; then |
|||
FTP_PROXY=$(grep "ftp_proxy" "${PROXY_CONF}" | head -1 | sed -e "s%.*ftp_proxy\s*=\s*.*://\(.*\)%\1%") |
|||
HTTP_PROXY=$(grep "http_proxy" "${PROXY_CONF}" | head -1 | sed -e "s%.*http_proxy\s*=\s*.*://\(.*\)%\1%") |
|||
HTTPS_PROXY=$(grep "https_proxy" "${PROXY_CONF}" | head -1 | sed -e "s%.*https_proxy\s*=\s*.*://\(.*\)%\1%") |
|||
fi |
|||
|
|||
while : ; do |
|||
cat <<EOF |
|||
${GREEN}${BOLD} |
|||
export ftp_proxy=ftp://${FTP_PROXY} |
|||
export http_proxy=http://${HTTP_PROXY} |
|||
export https_proxy=https://${HTTPS_PROXY} |
|||
${NC} |
|||
EOF |
|||
read -p "proxy in '${PROXY_CONF}' (ip:port, yes or no)? [no] " proxy |
|||
case "${proxy}" in |
|||
*:* ) |
|||
FTP_PROXY=${proxy} |
|||
HTTP_PROXY=${proxy} |
|||
HTTPS_PROXY=${proxy} |
|||
;; |
|||
[yY]*|[Oo]* ) |
|||
cat > "${PROXY_CONF}" <<EOF |
|||
# Generated by $(pwd)$(basename $0) |
|||
# $(date "+%x %X") |
|||
|
|||
export ftp_proxy=ftp://${FTP_PROXY} |
|||
export http_proxy=http://${HTTP_PROXY} |
|||
export https_proxy=https://${HTTPS_PROXY} |
|||
EOF |
|||
break;; |
|||
""|[Nn]* ) break;; |
|||
* ) echo "Please answer ip:port, yes or no.";; |
|||
|
|||
esac |
|||
done |
|||
|
|||
CUSTOM_CONF=files/.customDocker.sh |
|||
echo |
|||
if [ -f "${CUSTOM_CONF}" ]; then |
|||
OLD_EDITOR=$(grep install "${CUSTOM_CONF}" | grep "\(joe\|emacs\|vim\)" | head -1 | sed -e "s%.*\(joe\|emacs\|vim\).*%\1%") |
|||
fi |
|||
while : ; do |
|||
read -p "Choose editor in '${CUSTOM_CONF}' (joe, emacs, vim or no)? [${GREEN}${BOLD}${OLD_EDITOR}${NC}] " editor |
|||
case "${editor}" in |
|||
joe|emacs|vim ) |
|||
if [ ! -f "${CUSTOM_CONF}" ]; then |
|||
echo "#!/bin/bash" > "${CUSTOM_CONF}" |
|||
fi |
|||
chmod a+x "${CUSTOM_CONF}" |
|||
if ! grep -qw "${editor}" "${CUSTOM_CONF}" 2> /dev/null ; then |
|||
echo "DEBIAN_FRONTEND=noninteractive apt-get install -y ${editor}" >> "${CUSTOM_CONF}" |
|||
echo "rsync -a /vagrant/files/.emacs* /root/" >> "${CUSTOM_CONF}" |
|||
fi |
|||
break;; |
|||
""|[Nn]* ) break;; |
|||
* ) echo "Please answer joe, emacs, vim or no.";; |
|||
esac |
|||
done |
Loading…
Reference in new issue